CVE-2026-10789
CRITICALAutodesk Fusion MCP Extension - Arbitrary Code Execution
Title source: manualDescription
A maliciously crafted webpage, when visited by a user with Autodesk Fusion Desktop running and the MCP extension enabled, can trigger a vulnerability in the MCP extension that could allow arbitrary code execution. A successful exploit may allow code to execute with the privileges of the current user.
References (3)
Core 3
Core References
Vendor Advisory vendor-advisory
https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0008
Scores
CVSS v3
9.6
EPSS
0.0038
EPSS Percentile
30.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-94
Status
published
Products (2)
autodesk/fusion
< 2703.1.20
Autodesk/Fusion
2703.1.11 - 2703.1.20
Published
Jun 22, 2026
Tracked Since
Jun 22, 2026